Security Game Analysis Model of RFID System Based on Bayesian Attack Graph

doi:10.3969/j.issn.1006-2475.2024.07.014

Abstract

Abstract: In view of the lack of comprehensive and effective risk management and security assessment of RFID systems， in order to achieve effective analysis of the security risks of RFID systems and the assessment of the overall risk status of target RFID systems， this paper proposes a Bayesian attack graph-based RFID system security game analysis method. On the basis of Bayesian attack graph model， combined with game thought， the risk situation of RFID system is analyzed， and the process of the attacker invading the system is abstracted into the game model of the attack and defense. This paper firstly determines the offensive and defensive strategy based on the relevant information of the target system， and constructs the corresponding offensive and defensive game matrix by calculating the strategic income of the attacker and the defender， then obtains the Nash equilibrium state， determines the optimal strategy of each participant， and finally calculates the expected income of both parties to determine the security state of the target RFID system: If the expected return of the attacker is greater than the expected return of the defender， the system is in the risk state; otherwise， the system is in the security state. The experiment results show that the game model proposed in this paper can well realize the security analysis of target RFID system.

Key words: , RFID, Bayesian attack graph, security game analysis

CLC Number:

TP393.08

MA Huiping1, LI Peng1, 2, HU Sujun1. Security Game Analysis Model of RFID System Based on Bayesian Attack Graph[J]. Computer and Modernization, 2024, 0(07): 93-99.

References

［1］周余阳，程光，郭春生. 基于贝叶斯攻击图的网络攻击面风险评估方法［J］. 网络与信息安全学报， 2018，4（6）:11-22.
［2］ WU H， GU Y， CHENG G， et al. Effectiveness evaluation method for cyber deception based on dynamic bayesian attack graph［C］// Proceedings of the 3rd International Conference on Computer Science and Software Engineering. ACM， 2020:1-9.
［3］杨英杰，冷强，常德显，等. 基于属性攻击图的网络动态威胁分析技术研究［J］. 电子与信息学报， 2019，41（8）:1838-1846.
［4］黄义夫. RFID系统安全检测关键技术研究［D］. 成都:电子科技大学， 2014.
［5］杨晓明. RFID攻击建模及安全技术研究［D］. 成都:电子科技大学， 2015.
［6］ HARISH V， CHRISVIN D S， THOTTUNGAL R. Overview of RFID security and its applications［C］// 2021 International Conference on Advancements in Electrical， Electronics， Communication， Computing and Automation （ICAECA）. IEEE， 2021. DOI: 10.119/ICAECA52838.2021.
9675754.
［7］黄可可. 面向物联网的RFID安全认证协议研究［D］. 扬州:扬州大学， 2020.
［8］李宇松. 浅析RFID系统安全防护［J］. 信息网络安全， 2021（S1）: 252-254.
［9］张恒巍，张健，韩继红，等. 基于博弈模型和风险矩阵的漏洞风险分析方法［J］. 计算机工程与设计， 2016，37（6）:1421-1427.
［10］ ANGERMEIER D， WESTER H， BEILKE K， et al. Security risk assessments: Modeling and risk level propagation［J］. ACM Transactions on Cyber-Physical Systems， 2023，7（1）:1-25.
［11］ WANG H， ZHU C H， SHEN Z H， et al. A network security risk assessment method based on a B_NAG model［J］. Computer Systems Science & Engineering， 2021，38（1）:103-117.
［12］ JAVORNÍK M， KOMÁRKOVÁ J， SADLEK L， et al. Decision support for mission-centric network security management［C］// 2020 IEEE/IFIP Network Operations and Management Symposium. IEEE， 2020. DOI：10.1109/NOMS47738.2020.9110261.
［13］ WANG R， GONG Q J， ZHEN K， et al. Research on RFID security evaluation method in smart meter［C］// 2020 IOP Conference Series: Earth and Environmental Science. IOP， 2020，645. DOI 10.1088/1755-1315/645/1/012081.
［14］ NAN X M， CHEN R Q， TIAN H T， et al. Network situation risk assessment based on vulnerability correlation analysis［C］// 2021 IEEE International Conference on Progress in Informatics and Computing. IEEE， 2021:330-334.
［15］金志刚，王新建，李根，等. 融合攻击图和博弈模型的网络防御策略生成方法［J］. 信息网络安全， 2021，21（1）:1-9.
［16］ SUN P Y， ZHANG H W， MA J Q， et al. A selection strategy for network security defense based on a time game model［C］// 2021 International Conference on Digital Society and Intelligent Systems （DSInS）. IEEE， 2021:223-228.
［17］ FEI J X， CHEN K， YAO Q G， et al. Security vulnerability assessment of power IoT based on business security［C］// Proceedings of the 2020 1st International Conference on Control， Robotics and Intelligent System. ACM， 2020:128-135.
［18］ MIN H， LI C Y. Construction of information security risk assessment model based on static game［C］// 2021 6th International Symposium on Computer and Information Processing Technology. IEEE， 2021:646-650.
［19］ SUN P Y， ZHANG H W， LI C W. Attack path prediction based on bayesian game model［J］. Journal of Physics： Conference Series， 2021，1955（1）. DOI: 10.1088/1742-6596/1955/1/012098.
［20］ LOUAI M， ECKHARD P. MAEVA: A framework for attack incentive analysis with application to game theoretic security assessment［C］// The 16th International Conference on Internet Monitoring and Protection. ICIMP， 2021:31-36.
［21］ JUSTINE C， PRASAD R R， THOMAS C. Game theoretical analysis of usable security and privacy［J］. Security and Privacy， 2021，4（5）. DOI: 10.1002/spy2.55.
［22］ WANG Z G， LU Y， LI X， et al. Optimal network defense strategy selection based on Markov Bayesian game［J］. KSII Transactions on Internet and Information Systems， 2019，13（11）: 67-77.
［23］张健，王晋东，张恒巍. 静态贝叶斯博弈在信息系统风险分析中的应用［J］. 计算机工程与应用， 2015，51（11）:76-82.
［24］李洋，刘天莺，朱建明，等. 基于Q学习与贝叶斯博弈的物联网安全［J］. 计算机工程与设计， 2022，43（4）:901-906.
［25］赵健，王瑞，李正民，等. 物联网系统安全威胁和风险评估［J］. 北京邮电大学学报， 2017，40（1）:135-139.
［26］韦早裕，吴鸣旦，马楠，等. 基于博弈模型的物联网系统漏洞风险评估［J］. 信息安全研究， 2018，4（10）:914-921.
［27］江建成，周中良，阮铖巍，等. 基于动态贝叶斯博弈的双机行为决策方法［J］. 计算机仿真， 2016，33（7）:95-98.

[1]	ZHENG Jiuchao, ZHAO Xinyuan. Entity Linking Method Based on Topics and Description Information [J]. Computer and Modernization, 2024, 0(12): 10-14.
[2]	ZHAO Chenyang, XUE Tao, LIU Junhua. Fashion Clothing Pattern Generation Based on Improved Stable Diffusion [J]. Computer and Modernization, 2024, 0(12): 15-23.
[3]	WANG Xiaohang1, LI Yongjie1, YU Lei1, FAN Xiao2. A Method of Using Compound Event Probability Operation to Solve Problem of Negative Information Blocking Maximization [J]. Computer and Modernization, 2024, 0(12): 24-33.
[4]	ZHANG Xiaodong1, BAI Guangzhi1, LI Min1, LI Haoyang2. Oil and Gas Well Production Prediction Model Based on Empirical Wavelet Transform [J]. Computer and Modernization, 2024, 0(12): 53-58.
[5]	LIU Yunhai1, Feng Guang1, WU Xiaoting2, YANG Qun2 . Safety Helmet Wearing Detection Algorithm for Complex Construction Scenes [J]. Computer and Modernization, 2024, 0(12): 66-71.
[6]	LIU Baobao, YANG Jingjing, TAO Lu, WANG Heying . DSMSC Based on Attention Mechanism for Remote Sensing Image Scene Classification [J]. Computer and Modernization, 2024, 0(12): 72-77.
[7]	GU Yue, DENG Songfeng, SHEN Ji, MU Wentao, ZHAO Enqi. SAR Ship Detection Algorithm Based on Improved YOLOv8 [J]. Computer and Modernization, 2024, 0(12): 78-83.
[8]	WU Xiuling1, ZHOU Sheng1, WANG Chunjuan1, YU Cuizhuo2, LIU Hao3. Research Progress in Ultra Short-term Power Load Forecasting Technology [J]. Computer and Modernization, 2024, 0(12): 108-115.
[9]	LI Deyou1, 2, YU Jinsongdi1, 2, WEI Dandan1, 2, LUO Yuan1, 2, TONG Ruiju3. Abstract Tree Model for Gridded Cube Metadata [J]. Computer and Modernization, 2024, 0(11): 1-6.
[10]	GONG Yicheng1, 2, LIU Qing1, 2. Beijing Opera Binary Classification Based on RF-LCE-BiLSTM-Attention-AMSSA Model [J]. Computer and Modernization, 2024, 0(11): 7-12.
[11]	LI Taoying, LI Meng, WU Mengqiao. Taxi Passenger Flow Prediction Based on Heterogeneous Spatiotemporal Graph#br# Convolutional Networks [J]. Computer and Modernization, 2024, 0(11): 13-18.
[12]	ZHANG Tai1, YAN Zihao2, DUAN Jie2, ZHANG Zhihong2. Information Forwarding Strategy of Internet of Vehicles in Named Data Network [J]. Computer and Modernization, 2024, 0(11): 19-27.
[13]	YUAN Qingle, MU Li. Inventory Forecasting Method Based on Improved Elman Neural Network [J]. Computer and Modernization, 2024, 0(11): 28-33.
[14]	ZHANG Kun1, ZHANG Yongwei1, WU Yongcheng1, ZHANG Xiaowen2, ZHAI Shichen2. An LLM-based Method for Automatic Construction of Equipment Failure Knowledge Graphs [J]. Computer and Modernization, 2024, 0(11): 46-53.
[15]	YE Xue, YANG Sheng, CHENG Kai, ZHU Feng. A Financial Knowledge Q&A Model for Power Enterprise Based on ChatGLM2-6B [J]. Computer and Modernization, 2024, 0(11): 54-63.